Ankur Aggarwal wrote:
1) I already have a (.bat) script which can enable me to change the
radio mode from .11 a-> b-> g and set the channel number. How do I add
an additional tab which will run it for me in the background instead of
manually typing it?
You'd have to modify the code in the gtk directory to do that.
2) In one portion you talk about converting wireless packets to fake
Ethernet packet
...which is what's done, on Windows, either by the adapter in the
default mode the driver puts it into, or by the adapter's driver, as
that's what Windows currently expects. (Microsoft are apparently
developing a "native 802.11" mode:
http://www.microsoft.com/whdc/device/network/802x/Native80211.mspx
although I don't know that it'd support supplying packets with 802.11
headers through NDIS.)
and in the other you talk about the interpretation of
rf-parameters like data rate, channel, signal level, etc.
I mentioned that in the context of reading Airopeek captures, not of
capturing on Windows.
(the unused byte actually is reserved for noise values)
"Reserved for noise values" meaning "currently used for noise values",
or meaning "WildPackets have reserved it in case they supply noise
values in the future"?
The Ethernet packets do not
have provision for these fields. How does one handle this information
(assuming winPcap is modified to generate it)
If you can supply 802.11 headers with your driver, then the best way to
handle the radio headers would be to supply the radio information in a
"radiotap" header, followed by an 802.11 header and the 802.11 payload.
The radiotap header can be seen here:
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/net80211/ieee80211_radiotap.h?rev=1.10&content-type=text/x-cvsweb-markup
The radiotap header begins with the "struct ieee80211_radiotap_header"
structure - all fields in it are little-endian - and is followed by the
values of the fields supplied (the bitmap indicates which fields are
supplied).
You would make WinPcap supply a DLT_ value of DLT_IEEE802_11_RADIO (127).
3) Is there any way to by-pass the winPcap and directly interface with
ethereal?
Not on Windows.
Bypassing WinPcap would limit this to Ethereal; doing it in WinPcap
means that other applications could use it as well.